CVE-2025-14930: Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability
criticalvulnerabilityLLM-Specific
security
Summary
A vulnerability in Hugging Face Transformers GLM4 allows attackers to run harmful code on a system by tricking users into opening a malicious file or visiting a malicious webpage. The problem occurs because the software doesn't properly check data when loading model weights (the numerical values that make the AI work), allowing deserialization of untrusted data (converting unsafe external files into code the system will execute).
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.3%
Classification
Attack Type
Model Theft
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
HuggingFace
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-14930
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 95%